Microsoft, the subject of more than a few vulnerability disclosures from Chocolate Factory researchers, alerted Google to the issue, which is down to a misconfiguration in the way the keys handle Bluetooth pairing protocols.

Google is recalling the Bluetooth Low Energy (BLE) version of its Titan Security Key, and is offering free replacements to owners. It allows a so-called Man in The Middle (MiTM) attack, in which someone could get between your Titan key and the device it's communicating with. Just take extra precautions, such as using your security key away from other people and immediately unpairing it after you sign-in to your Google account.

This flaw can enable an attacker who is within 30 feet of you while you're using the key to communicate with it or with the device it is paired to. The circumstances that would have to align include an attacker in close proximity (less than 30 feet or so), who is able to time their attack to the exact moment that you connect with your security key. After that, they could attempt to change their device to appear as a Bluetooth keyboard or mouse and potentially take actions on your device. To check whether your device needs to be replaced, look for a letter and number combo on the back of the key near the bottom. If it's marked T1 or T2, Google will replace it for free.

"Due to a misconfiguration in the Titan Security Keys' Bluetooth pairing protocols, it is possible for an attacker who is physically close to you at the moment you use your security key - within approximately 30 feet - to (a) communicate with your security key, or (b) communicate with the device to which your key is paired", it said. Security keys that use USB or Near Field Communication are unaffected.

The Titan security key bundle.

The threat of having the key hijacked and the current incompatibility with the latest release of iOS are sure to generate further user resistance to using the BLE-based keys. However, the company recommended that users do not stop using the keys until they get a replacement, as they can provide enhanced security, compared to not using a security key after all. After you've used your key to sign into your Google Account on your device, immediately unpair it. Brand said that security keys continued to represent one of the most meaningful ways to protect accounts and advised that people continue to use the keys while waiting for a new one. "While Yubico previously initiated development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability". You will need to sign into your Google account when you access the site to claim your replacement. If you don't do that and own a phone that'll pick-up the June security patch next month, your phone will automatically unpair it.

Related:

Dementia is a persistent impairment of mental process marked by memory disorder, personality changes, and impaired reasoning. Dementia results from a variety of diseases and injuries that affect the brain, such as Alzheimer disease or stroke.

Uber's Uber Black and Uber Black SUV brands are getting some new features that focus on improving the rider experience. Some drivers may give riders a lower score if they aren't polite or don't talk enough.

As for the future, Rudolph says, "I don't want her to work again till she is ready, physically, mentally and passionately". There's a possibility Britney Spears might never perform again, according to her longtime manager Larry Rudolph .

Bill Johnson told the state Assembly Utilities and Energy Committee he had expected the utility would be blamed for the fire. Its reorganization plan is due by the end of May, but the utility has requested an extension until November.

This means the order ships in one box, or as few as possible, and it travels a shorter distance via low-cost ground shipping. Two years ago, Walmart began offering free two-day shipping on millions of items on its website for orders of at least $35.

Rodgers appearance in the GOT episode titled, The Bells , did not last long before he was consumed in a storm of dragon fire. Viewers focusing on the drama and action of Sunday's Game of Thrones episode may have missed a certain MVP cameo.

Pop star Taylor Swift has reportedly incorporated the technology at one of her shows, using it to help identify stalkers. Departments will need to get board approval to continue using or acquiring technology.

Super Mario Maker 2 Has A Story Mode And Much More
When the game was revealed in February they teased that levels from the Wii U and Switch Mario titles will be available. The custom scroll addition lets users customize the scroll in a scrolling course, including speed and trajectory.

Did Le'Veon Bell cost former Jets GM his job?
ESPN suggests the GM position could be taken up by Philadelphia Eagles executive Joe Douglas, who has some ties to Gase. The Jets and Bell agreed to a four year, $52.5 million contract in March that includes $25 million guaranteed.

Monster-Hunting RPG 'Dauntless' Heading to Xbox One Next Week
According to the press release , this new monster hunting title will launch on May 21st on the PC via the Epic Games Store . They are waiting for you: regular updates, seasonal events, new Behemoths and much more in a rich and ever-changing world.